github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 22:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

test(agents): dedupe exec preflight fixtures and cover quoted-path skip

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 19:29:41 +00:00
parent 8f11868cc2
commit 8f1b467646
1 changed files with 74 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
src/agents/bash-tools.exec.script-preflight.test.ts
View File

@@ -6,13 +6,20 @@ import { createExecTool } from "./bash-tools.exec.js";
const isWin = process.platform === "win32"; const isWin = process.platform === "win32";
describe("exec script preflight", () => { const describeNonWin = isWin ? describe.skip : describe;
it("blocks shell env var injection tokens in python scripts before execution", async () => {
if (isWin) {
return;
}
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-exec-preflight-")); async function withTempDir(prefix: string, run: (dir: string) => Promise<void>) {
const dir = await fs.mkdtemp(path.join(os.tmpdir(), prefix));
try {
await run(dir);
} finally {
await fs.rm(dir, { recursive: true, force: true });
}
}
describeNonWin("exec script preflight", () => {
it("blocks shell env var injection tokens in python scripts before execution", async () => {
await withTempDir("openclaw-exec-preflight-", async (tmp) => {
const pyPath = path.join(tmp, "bad.py"); const pyPath = path.join(tmp, "bad.py");
await fs.writeFile( await fs.writeFile(
@@ -35,13 +42,10 @@ describe("exec script preflight", () => {
}), }),
).rejects.toThrow(/exec preflight: detected likely shell variable injection \(\$DM_JSON\)/); ).rejects.toThrow(/exec preflight: detected likely shell variable injection \(\$DM_JSON\)/);
}); });
});
it("blocks obvious shell-as-js output before node execution", async () => { it("blocks obvious shell-as-js output before node execution", async () => {
if (isWin) { await withTempDir("openclaw-exec-preflight-", async (tmp) => {
return;
}
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-exec-preflight-"));
const jsPath = path.join(tmp, "bad.js"); const jsPath = path.join(tmp, "bad.js");
await fs.writeFile( await fs.writeFile(
@@ -61,13 +65,25 @@ describe("exec script preflight", () => {
/exec preflight: (detected likely shell variable injection|JS file starts with shell syntax)/, /exec preflight: (detected likely shell variable injection|JS file starts with shell syntax)/,
); );
}); });
});
it("skips preflight when script token is quoted and unresolved by fast parser", async () => {
await withTempDir("openclaw-exec-preflight-", async (tmp) => {
const jsPath = path.join(tmp, "bad.js");
await fs.writeFile(jsPath, "const value = $DM_JSON;", "utf-8");
const tool = createExecTool({ host: "gateway", security: "full", ask: "off" });
const result = await tool.execute("call-quoted", {
command: 'node "bad.js"',
workdir: tmp,
});
const text = result.content.find((block) => block.type === "text")?.text ?? "";
expect(text).not.toMatch(/exec preflight:/);
});
});
it("skips preflight file reads for script paths outside the workdir", async () => { it("skips preflight file reads for script paths outside the workdir", async () => {
if (isWin) { await withTempDir("openclaw-exec-preflight-parent-", async (parent) => {
return;
}
const parent = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-exec-preflight-parent-"));
const outsidePath = path.join(parent, "outside.js"); const outsidePath = path.join(parent, "outside.js");
const workdir = path.join(parent, "workdir"); const workdir = path.join(parent, "workdir");
await fs.mkdir(workdir, { recursive: true }); await fs.mkdir(workdir, { recursive: true });
@@ -82,4 +98,5 @@ describe("exec script preflight", () => {
const text = result.content.find((block) => block.type === "text")?.text ?? ""; const text = result.content.find((block) => block.type === "text")?.text ?? "";
expect(text).not.toMatch(/exec preflight:/); expect(text).not.toMatch(/exec preflight:/);
}); });
});
}); });